JP2017507552A - Method and apparatus for providing client-side score-based authentication - Google Patents

Abstract

Disclosed are methods, apparatus and systems for generating and verifying a one-time password in connection with risk assessment. The risk assessment is a client-side risk assessment. The risk assessment also includes server-side risk assessment. [Selection] Figure 1

Description

  CROSS REFERENCE TO RELATED APPLICATIONS: This application is the priority of US Provisional Patent Application No. 61 / 922,516, filed December 31, 2013, entitled “A method and apparatus for providing client-side score-based authentication”. The contents of which are incorporated herein by reference in their entirety.

  The present invention relates to securing remote access to computers and applications and remote transactions over a computer network. More particularly, the present invention relates to a method and apparatus for authenticating a user.

  As the popularity of remote access for computer systems and applications has increased, the number and variety of transactions that are remotely accessed over public networks such as the Internet has increased exponentially. This popularity, in particular, how to ensure that those who remotely access an application are who will charge for whom, and how to ensure that a remotely executed transaction has been initiated by a legitimate individual. And the need for security, such as how to ensure that transaction data has not been modified before being received by the application server.

  In the past, application providers have relied on static passwords to provide security for remote applications. In recent years, it has been found that static passwords are not sufficient and more advanced security techniques are required.

  In one solution, a dynamic password is generated that the user passes to the application instead of (or in addition to) a static password. This dynamic password is generated on the client side by cryptographically combining a cryptographic secret and a dynamic variable shared between one client side device and the other server side verification entity. A dynamic variable is a time-based value, a counter-based value, a challenge (eg, provided by the application server), or transaction data representing a transaction that the user wishes to submit to the application server, or a combination thereof. . A dynamic variable can be cryptographically synthesized with a eutectic cryptographic secret, for example, by applying a symmetric cryptographic algorithm to a dynamic variable parameterized with a shared cryptographic secret. For example, the dynamic variable can be encrypted using a symmetric cryptographic algorithm such as AES (Advanced Encryption Standard) or concatenation of dynamic variables, and the shared secret is SHA-1 (Secure Hash Algorithm 1) It can be hashed by a hash algorithm such as In many cases, the resulting cipher is truncated and then converted to a string of characters. This string of characters, referred to as a one-time password or OTP, is displayed to the user for the user to manually copy and forward to the application. If the dynamic variable is based on a challenge, the string of characters is called a response. Also, if the dynamic variable is based on a challenge, a string of characters is considered a signature that spans transaction data. Hereinafter, the term OTP shall refer to such a response or signature. Since OTPs are often manually copied by users, they are typically kept short and are usually shorter than the ciphers from which they were made. On the application server side, the received OTP can be verified. This is typically done by generating an expected reference value for the OTP and comparing the received OTP with the generated reference value. Client devices for generating OTP include dedicated hardware authentication tokens with their own displays and sometimes with a keypad for entering a PIN (Personal Identification Number) or, for example, dedicated hardware authentication A general purpose computing device such as a smart phone that executes authentication software to emulate a wear authentication token.

  The present invention depends on the environment, platform and situation in which the one-time password-based solution depends on the environment, platform and situation in which the one-time password was generated, and the server that verifies the effectiveness of the OTP Based on the inventor's insight that only shows the binary result indicating whether the matched OTP is cryptographically correct without considering the environment and circumstances affecting the level. For example, the risk of a smartphone software authentication application being hacked is significantly higher than a dedicated hardware authentication token. If the client device that generates the OTP is located in a country that is completely different from the user's home country when generating the OTP, this is also an indication that something is wrong.

  Furthermore, the present invention is such that even if the server can take into account information about the circumstances and environment surrounding OTP generation, it is in fact difficult or impossible for the server to obtain this information. Based on other insights. In particular, it is very difficult for the server to obtain location information linked to the client device itself. This is because, in many cases, the only communication channel between the client device and the server is that the user manually copies data between the client device and the server. For reasons of convenience, the amount of information that a user must manually transfer from server to token and from token to server must be strictly limited to a minimum.

  One aspect of the present invention is to provide a method for generating an improved one-time password (OTP). In some embodiments, the method performs a first risk analysis; generates risk information data representing a result of the first risk analysis; determines a first value of the dynamic variable; Generating cryptographic OTP data by cryptographically combining the first value with a cryptographic secret; and obtaining the improved OTP by combining the cryptographic OTP data with the risk information data; Including.

  In certain embodiments, the method is the method of any of the previous embodiments, wherein performing the first risk analysis includes performing a risk assessment for each of the one or more risk factors. In an embodiment, the generation of the risk information data includes combining the results of all the risk assessments of the one or more risk factors. In one embodiment, the first risk analysis groups the one or more risk factors into one or more risk factor categories and corresponds to each of the one or more risk factor categories. Determining the risk assessment category score using the results of the risk assessment of all risk factors of the risk factor category, and the generation of risk information data comprises the risk assessment category of the one or more risk factor categories Including synthesizing the score. In certain embodiments, each risk assessment category score is represented as a bit string, and the generation of risk information data includes the bits of various bit strings corresponding to the one or more risk factor categories. And the risk information data includes an indication of the risk information bit string. In one embodiment, the first risk analysis is performed on a client device operated by a user, and the one or more risk factor categories group all risk factors related to characteristics of the client device itself. Platform risk factor category; user risk factor category that groups all risk factors related to user characteristics and user behavior characteristics; or all risks related to characteristics of the situation or environment in which the client device is operating Including at least one of a situational risk factor category that groups the factors. In some embodiments, the one or more risk factor categories include all three of a platform risk category, a user risk factor category, and a situational risk factor category.

  In one embodiment, the generation of the cryptographic OTP data includes cryptographically synthesizing the risk information data and the first value of the dynamic variable with a cryptographic secret. In an embodiment, the cryptographic synthesis of the first value of the dynamic variable and the cryptographic secret performs a cryptographic algorithm that uses the value of the dynamic variable and is parameterized with the cryptographic secret. including. In some embodiments, the cryptographic algorithm is a symmetric cryptographic algorithm, and the cryptographic secret is shared with an entity adapted to verify or confirm the improved OTP. Symmetric encryption algorithms include, for example, symmetric encryption or decryption algorithms such as AES (Advanced Encryption Standard), or keyed hash algorithms such as HMAC (Hash Based Message Authentication Code). In some embodiments, the symmetric cryptographic algorithm also uses risk information data.

  In some embodiments, the dynamic variable is time based. For example, the dynamic variable includes the value of the clock included in the client device that generates the improved OTP. In some embodiments, the dynamic variable is based on a counter that is stored and maintained, for example, on the client device. In some embodiments, the dynamic variable is based on a challenge given by, for example, an application with which the user interacts. In some embodiments, the dynamic variable is based on data that is submitted to the application by the user and that represents the transaction request associated with the improved OTP.

  In one embodiment, obtaining the improved OTP by combining encrypted OTP data with risk information data generates a masked display of risk information data using the risk information data and a portion of the encrypted OTP data. And combining the encrypted OTP data with the masked representation of the risk information data.

  In certain embodiments, some or all of the steps of the above-described embodiments are performed at the client device. In some embodiments, the client device includes a personal telecommunications device such as a smartphone or tablet. In certain embodiments, the client device executes an authentication client application or authentication client app that performs some or all of the steps of the method for generating an improved OTP.

  Another aspect of the present invention is to provide a method for verifying improved OTP. In certain embodiments, an improved OTP is generated using the method of any of the previous embodiments of the method of generating an improved OTP. In an embodiment, performing a first risk analysis, generating risk information data representing a result of the first risk analysis, determining a first value of a dynamic variable, and determining the first value of the dynamic variable. Improved OTP by generating cryptographic OTP data by cryptographically combining a value with a cryptographic secret and obtaining the improved OTP by combining the cryptographic OTP data with the risk information data Is generated. In an embodiment, the method retrieves the encrypted data from the improved OTP; retrieves the risk information data from the improved OTP; and cryptographically verifies the retrieved encrypted data; Performing a second risk analysis using the retrieved risk information data; and using the results of the cryptographic verification of the retrieved cryptographic data and the second risk analysis, the improved Determining the overall risk level for OTP;

  In one embodiment, the improved OTP includes a masked representation of the risk information data, and the retrieval of the risk information data uses a portion of the retrieved encrypted data to determine the risk information data. Unmasking the masked display.

  In an embodiment, the cryptographic verification of the retrieved encrypted data determines a second value of the dynamic variable that assumes the same value as the first value of the dynamic variable, and the second Using a symmetric cryptographic algorithm that uses a value and is parameterized with a copy of the cryptographic secret to cryptographically synthesize the second value with the copy of the cryptographic secret. In one embodiment, the symmetric cryptographic algorithm also uses retrieved risk information data. In one embodiment, the cryptographic verification of the retrieved cryptographic data comprises: obtaining the retrieved cryptographic data as a result of the cryptographic synthesis of the second value and a copy of the cryptographic secret. Including comparing.

  Yet another aspect of the present invention is a method for securing user interaction with an application, wherein the user interacts with an access device to access the application, and further interacts with a client device associated with the user. Is to provide a way to do. In certain embodiments, the method includes, for example, generating an improved OTP at the client device and verifying the improved OTP at, for example, a verification or verification server. In certain embodiments, the improved OTP is generated using any of the methods for generating improved OTP described above. In certain embodiments, the improved OTP is verified using any of the methods for verifying improved OTP described above. In some embodiments, the method performs, for example, a first risk analysis at a client device; for example, generates risk information data representing a result of the first risk analysis at the client device; A device determines a first value of a dynamic variable; for example, a client device generates cryptographic OTP data by cryptographically combining the first value of the dynamic variable with a cryptographic secret; A client device generates an improved OTP by combining the encrypted OTP data with the risk information data; for example, the client device presents the improved OTP to the user; for example, an access device, Receive the improved OTP presented to the user; for example, confirmation or verification or app A search server to retrieve the encrypted data from the improved OTP; for example, a confirmation or verification or application server to retrieve the risk information data from the improved OTP; for example, a confirmation or verification or application server The retrieved cryptographic data is cryptographically verified; for example, a confirmation or verification or application server performs a second risk analysis using the retrieved risk information data; At a verification or application server, use the results of the cryptographic verification of the retrieved cryptographic data and the second risk analysis to determine the overall risk level of the improved OTP; and, for example, confirmation or verification or application On the server, an action based on the value of all risk levels Determining whether to perform; comprising of.

  In some embodiments, the second risk analysis also includes using information related to other interactions between the user and the application. In some embodiments, the second risk analysis also includes using information related to other interactions between the application and other users than the user.

  In some embodiments, the action includes, for example, granting the user access to a resource. In one embodiment, the action includes logging in a user. In certain embodiments, the action includes, for example, granting a user permission to perform an action or transaction. In one embodiment, the action includes performing a transaction requested by the user. In some embodiments, the improved OTP is associated with the transaction requested by the user. In some embodiments, the improved OTP is provided to the application along with the transaction request.

  Yet another aspect of the present invention is to provide a system that secures the interaction between a user and an application. In certain embodiments, the system is adapted for use in any of the methods for generating the improved OTP described above. In certain embodiments, the system is adapted for use in any of the methods for verifying the improved OTP described above. In certain embodiments, the system is adapted for use in any method that secures the user-application interaction described above.

  In some embodiments, the system includes a client device operated by a user and including a user output interface (such as a display); includes a user input interface (such as a keyboard) and interacts with the user and the user interacts with the application. An access device that allows the user to perform; and an application server that hosts the application. In certain embodiments, the access device and application server are comprised of physically different computers, and the access device and application server are adapted to communicate over a computer network. The computer network includes a local area network, a wide area network, and includes the Internet.

  In one embodiment, the client device performs a first risk analysis; generates risk information data representing a result of the first risk analysis; determines a first value of a dynamic variable; Generating cryptographic OTP data by cryptographically combining the first value with a cryptographic secret stored in the client device; and improving the OTP by combining the cryptographic OTP data with the risk information data. And presenting the improved OTP to the user using the user output interface. In some embodiments, the client device includes a personal telecommunications device such as a smartphone. In certain embodiments, the client device executes a client authentication application or client authentication app that generates an improved OTP (eg, by any method of generating an improved OTP described elsewhere in this description). Adapted to.

  In an embodiment, the access device is adapted to receive an improved OTP presented to the user by the client device using the user input interface. In certain embodiments, the access device is further adapted to transfer the improved OTP to the application server. In some embodiments, the access device includes, for example, a laptop or personal computer (PC) that can connect to the Internet. In some embodiments, the access device runs a web browser to allow the user to connect to the web server and interact with the web application included in the application hosted by the web server.

  In an embodiment, the application server retrieves the encrypted data from the improved OTP; retrieves the risk information data from the improved OTP; and cryptographically verifies the retrieved encrypted data; Performing a second risk analysis using the retrieved risk information data; using the cryptographic verification of the retrieved cryptographic data and the results of the second risk analysis, the improved OTP And determining whether to perform an action based on the total risk level. In certain embodiments, the application server includes one or more server computers. In some embodiments, the computers included in the application server are connected by a computer network (eg, a local area network, a wide area network, or the Internet). In some embodiments, the application server hosts the server portion of the application. In some embodiments, the application server is connected to the Internet. In some embodiments, the application server and access device are connected by the Internet. In certain embodiments, the application includes a web-based application hosted by an application server.

  Client-side risk analysis

  In some embodiments of the present invention, the client device collects information about local risk factors, for example, information about the platform on which the client device is implemented, information about the situation in which the client device is operating, and information about the user who operates the client device. Configured to do. In some embodiments, the client device condenses this risk factor related information into a small number of bits.

  In some embodiments, the client device is configured to collect information regarding local risk factors and perform a first client-side risk analysis. In one embodiment, the bits representing condensed risk factor related information (hereinafter referred to as risk information bits for short) include the results of this first client-side risk analysis.

  In certain embodiments, the client device determines a score for each set of risk factors. In certain embodiments, the client device combines various scores of individual risk factors into a single overall risk analysis score. In some embodiments, the various scores are represented by Boolean values and / or numbers. In some embodiments, the client device synthesizes the score by applying logical rules, Boolean functions and / or mathematical functions to the synthesized score.

  In certain embodiments, the various risk factors are grouped into a number of individual risk factor categories. In one embodiment, the client device determines the score for each category by combining the scores for all risk factors for that category. In some embodiments, the client device combines scores from different categories into a single overall score. In some embodiments, the client device uses only one risk factor category. In some embodiments, the risk information bits include a binary representation of this overall score. In some embodiments, the risk information bits include a concatenation of binary representations of scores for various risk factor categories.

  For example, in one embodiment, the client device includes a number of platform-related risk factor categories (platform categories), user-related risk factor categories (user categories), and / or situation-related risk factor categories (situation categories). Group risk factors in a risk factor category.

  The platform category includes all risk factors associated with the platform on which the client device is implemented. For example, one risk factor in this category indicates whether the client device is a dedicated hardware token or a software application, for example in a smartphone. Another risk factor in this category is determined by the presence or absence (and type) of virus detectors and / or firewalls. Yet another risk factor is determined by considering such a virus checker's detection log. Yet another risk factor in the platform category considers the type of operating system and / or browser software.

  The user category includes all risk factors associated with the user operating the client device. For example, in certain embodiments, the client device captures measurements of certain biometric characteristics of the user (such as fingerprints, iris scans, voice characteristics or facial characteristics) and compares the measurements to a reference template. Has a biometric component. The biometric risk factor score indicates, for example, the degree to which the measured value matches the reference template. Another biometric risk factor indicates the risk that a biometric measurement will be counterfeited or avoided. For example, the client device is adapted to store recent biometric measurements and detect replay attacks (eg, by using audio recordings or facial pictures) and one biometric The risk factor indicates the probability that the biometric measurement actually corresponds to a replay attack. In some embodiments, the client device is adapted to receive a PIN or password from the user and is adapted to compare the received PIN or password with a stored reference value. The client device is adapted to allow a certain number of retries if the user enters the wrong PIN or password. In such cases, the risk factor for the user category takes into account the actual number of attempts a user needs to enter the correct PIN or password (thus the fact that the correct PIN or password was not entered on the first attempt) Indicates that someone has guessed the PIN or password). Another risk factor for the user category relates to the user's behavior (eg, what application the user accesses in what order and how often, how the user uses the input interface, etc.) and The score for this risk factor is determined by analysis of this behavior. For example, in some embodiments, the client device is adapted to receive a PIN or password from the user. The client device is adapted to analyze patterns in which a user enters individual numbers or characters of a PIN or password. For example, the client device measures a series of time differences associated with the user entering a consecutive number or character of a PIN or password. For a specific user, the pattern that this series of time differences has on average has some characteristics for each specific user. If another user enters the same PIN or password, the resulting series of time differences will result in a significant deviation from the average pattern of the first user. The client device determines the risk factor score as a function of the degree to which a given set of time differences for a particular PIN or password entry deviates from the user average pattern of time differences for a PIN or password entry. For example, the greater the degree of deviation, the greater the score specified by the client device for this risk factor.

  The situation category includes all the risk factors related to the local situation in which the client device is operated. For example, in some embodiments, the client device comprises a geolocation component (such as a global positioning system (GPS) component) that can provide an indication of the geographical location of the client device at any time, and the client device Define a number of geographical zones (eg home zone, adjacent zone and remote zone; or eg local zone, regional zone, national zone and foreign zone) and associate a different score with each zone, geolocation Based on the component's geolocation information, determine in which zone the client device is located and take the score associated with the zone in which the client device is currently located to determine the geolocation risk factor To determine the core. In some embodiments, the client device is adapted to determine a local time zone and uses the local time zone as a proxy for the geographic location.

  In certain embodiments, the client device is adapted to track the geographic location where the user uses the client device to generate the OTP. In general, the historical range of locations where a user uses a client device to generate an OTP tends to show a pattern in which some locations occur more frequently than others. The client device associates the risk factor with the extent to which a given geographic location where the client device generates an OTP deviates from the user's historical pattern. When the client device is about to generate a new OTP, the client device compares the client device's actual location with the location history and determines the risk factor score based on the comparison. For example, given the past location where the user has already generated an OTP previously, the score that the client device specifies for this risk factor is so large that the actual location is not normal for the user.

  In some embodiments, the client device assigns each risk factor category a fixed number of bits to represent the score of that risk factor category. In certain embodiments, the number of bits assigned to each risk factor category is the same for all risk factor categories. In other embodiments, the number of bits assigned to each risk factor category varies from one risk factor category to another. In some embodiments, the client device determines the risk information bits by concatenating bits representing scores for various risk factor categories. For example, in one embodiment, each risk factor category is assigned a single bit and the risk information bits consist of the concatenation of all those single bits.

  For example, in one embodiment, the client device represents the score for each risk factor by a numerical risk factor. The client device synthesizes the numerical scores for the various risk factors of the same category by adding the risk factor scores for that category, so that each risk factor score is first weighted to its risk factor specific weighting factor. Multiplied by The resulting sum for that category is then compared to each different category-specific threshold factor, and the result of the comparison determines the Boolean value represented by the single Boolean value for the entire Boolean score for that category. The client device determines the risk information bits by concatenating bits representing Boolean score values of various categories. In other words, the risk information bits consist of a bit string, and each bit of the string is for a particular risk factor category corresponding to that particular bit, the numerical values of the various risk factors belonging to that particular risk factor category. Indicates whether the weighted sum of scores exceeds a particular threshold value associated with that particular risk factor category.

  In some embodiments, the number of risk information bits is limited to 12 bits or less. In some embodiments, the number of risk information bits is 8 bits or less. In some embodiments, the number of risk information bits is 4 bits or less. In some embodiments, the number of risk information bits is 3 bits.

  Passing risk information bits to the server

  In some embodiments, the client device is adapted to pass risk information bits to the server for further analysis, either together with the generated OTP or as part of the OTP. Hereinafter, the OTP including the risk information bit is referred to as an improved OTP. Thus, the improved OTP contains on the one hand the cryptographic data that is the result of the cryptographic synthesis of the dynamic variable and the cryptographic secret shared with the server, and on the other hand the risk of carrying the risk information bits. It is considered to contain information data. Depending on the context, the term OTP refers to an OTP that does not include risk information data, a portion of an improved OTP that does not include risk information data, or simply a shortened form of an improved OTP.

  In certain embodiments, information carried by bits representing condensed risk factor related information remains hidden or masked. For example, these risk information bits are scrambled using bits of OTP cipher data to mask the value of the bits representing condensed risk factor related information. That is, the improved OTP risk information data is masked using all or part of the original OTP encryption data.

  In some embodiments, the risk information bit is appended to the encrypted OTP bit. In some embodiments, the risk information bits are processed using Boolean logic (eg, an exclusive “OR” operation or other operation) with certain cryptographic OPT bits. In some embodiments, the improved OTP includes a string of decimal numbers (ie, base 10 digits), and the improved OTP, on the other hand, is encrypted OTP data (ie, shared between dynamic variables and the server). A series of decimal numbers representing data obtained by cryptographic synthesis with a cryptographic secret that is encrypted) and, on the other hand, a decimal number that encodes the risk information bits, a cryptographic secret shared between the dynamic variable and the server. Including a decimal number obtained by adding or subtracting with a decimal number obtained by cryptographic synthesis. More generally, in some embodiments, the improved OTP includes a base N number string (N is an integer greater than 1), and the improved OTP, on the other hand, is encrypted OTP data (ie, , A series of base N numbers representing data obtained by cryptographic synthesis of dynamic variables and cryptographic secrets shared with the server), and, on the other hand, base N numbers encoding risk information bits. , Including base 10 numbers obtained by adding or subtracting some base 10 numbers obtained by cryptographic synthesis of dynamic variables and cryptographic secrets shared with the server.

  In one embodiment, the integrity of the bits representing the condensed risk factor related information determined by the client device is protected. In some embodiments, the integrity of bits representing condensed risk factor related information determined by the client device is cryptographically protected. In some embodiments, the bits representing the condensed risk factor related information are included in a cryptographic process for generating the OTP. In some embodiments, risk information bits are included in dynamic variables. For example, in one embodiment, the client device uses the risk information bits as special variables along with the dynamic variables, and the client device combines both the dynamic variables and the risk information bits with the shared cryptographic secret. In some embodiments, the client device first combines the risk information bits with a dynamic value (time value, counter value, challenge, transaction data, etc.) to obtain the value of the dynamic variable, Then it is combined with the shared cryptographic secret to generate cryptographic OTP data. For example, in one embodiment, the risk information bits are attached to the dynamic value, and the resulting value is then cryptographically combined with the shared cryptographic secret. For example, in some embodiments, the resulting value is encrypted with a symmetric cryptographic algorithm (such as AES) that is parameterized with a shared cryptographic secret, or the resulting value is a parameter with a shared cryptographic secret. Submitted to a keyed hash algorithm (such as HMAC). In some embodiments, the client device then adds risk information data (representing risk information bits) to, for example, the encrypted OTP data described above to obtain an improved OTP.

  In some embodiments, the client device uses the client device's user output interface to provide the user with the generated improved OTP, which forwards the improved OTP to the application. For example, the client device displays a string of numbers representing the improved OTP to the user on the client device display. A user accessing an application using an access device such as a laptop or PC (personal computer) reads the improved OTP displayed from the display of the client device and, for example, reads the improved OTP on the access device. Giving an improved OTP to the application by giving it to the user input interface (eg, by typing an improved OTP number into the keyboard of the access device), where the access device was given by the user Transfer the improved OTP to the application.

  In certain embodiments, whether the application should grant access to the user when performing further actions, such as using the improved OTP received from the user to determine what permissions are granted to the user Determine whether to accept the transaction submitted by the user, and so on. In some embodiments, the application uses a verification server to verify the received improved OTP. In some embodiments, the validation server is a separate entity of the application. In some embodiments, the verification server is included in the application.

Server-side risk analysis In one embodiment, when the verification server receives the improved OTP, it extracts the risk information bits from the received improved OTP and determines the (remaining) cryptographic validity of the improved OTP. Validate and perform a second server-side risk analysis using the risk information bits extracted from the received improved OTP.

  In certain embodiments, extracting the risk information bits from the received improved OTP masks the improved OTP when the risk information bits are combined with the cryptographic data at the client device to obtain the improved OTP. To perform the operations applied in the client device in reverse. For example, in one embodiment, the improved OTP, on the other hand, is a concatenation of a base N number string that represents the encrypted data of the improved OTP (this is the risk information bit, dynamic variable and shared cipher by the client device). And obtained on the other hand a masked base N number string that encodes the risk information bits, so that the client device encodes the risk information bits. The base N number string that encodes the risk information bits is masked by performing a modulo-N addition (or subtraction) for each base N number and one of the base N numbers representing the encrypted data. Retrieving risk information bits from the improved OTP includes separating the masked numbers encoding the risk information bits and the numbers representing the cryptographic data from the concatenation. Retrieving risk information bits from the improved OTP further includes a modulo-N subtraction (or addition) for each masked digit and the corresponding digit of the encrypted data used by the client device in the masking operation. Doing includes unmasking the masked numbers that encode the risk information bits. Retrieving risk information bits from the improved OTP further includes decoding an unmasked base N digit string used by the client device to encode the risk information bits.

  In certain embodiments, verifying the cryptographic validity of the improved OTP includes retrieving cryptographic data from the improved OTP and, as detailed above, the risk information from the improved OTP. It also includes searching for bits. In some embodiments, verifying the improved OTP cryptographic validity includes verifying the cryptographic validity of the retrieved encrypted data. In certain embodiments, verifying the improved OTP cryptographic validity includes performing cryptographic operations using a server copy of the shared cryptographic secret. In certain embodiments, verifying improved OTP cipher validity determines determining a server copy of a dynamic variable that is assumed to be used by the client device for generation of improved OTP cipher data. Including. In some embodiments, verifying the cryptographic validity of the improved OTP includes cryptographically combining the server copy of the dynamic variable with the server copy of the shared cryptographic secret. In certain embodiments, cryptographically combining the server copy of the dynamic variable with the server copy of the shared cryptographic secret is performed with substantially the same symmetric cryptographic algorithm used by the client device to generate the cryptographic data. Is called. In some embodiments, verifying the improved OTP cipher validity compares the received improved OTP with the result of a cryptographic synthesis of the server copy of the dynamic variable and the server copy of the shared cipher secret. Including doing. In some embodiments, verifying the cryptographic validity of the improved OTP includes cryptographically combining the retrieved risk information bits and the server copy of the dynamic variable with the server copy of the shared cryptographic secret. In some embodiments, cryptographically combining the server copy of the retrieved risk information bits and dynamic variables with the server copy of the shared cryptographic secret is substantially used by the client device to generate the cryptographic data. The same symmetric encryption algorithm is used. In one embodiment, verifying the cryptographic validity of the improved OTP includes receiving the improved OTP, the retrieved risk information bits and the server copy of the dynamic variable, and the server copy of the shared cryptographic secret and the cryptographic theory. Comparing with the result of the synthesis.

  In some embodiments, the server rejects the received improved OTP if the OTP cryptographic validity verification fails. In some embodiments, if the verification of the cryptographic validity of the OTP is successful, the server accepts the OTP as cryptographically correct, and the quality of the improved OTP based on the results of the second risk analysis. Specify the level. Alternatively, the server may assign a risk level to the improved OTP based on the results of the cryptographic verification and the second risk analysis.

  In some embodiments, the second risk analysis is based on risk information bits retrieved from the improved OTP. In certain embodiments, the second risk analysis is performed based on different scores for different risk factor categories encoded by the client device in the risk information bits retrieved from the improved OTP. In some embodiments, the risk information bits encode the scores determined by the client device for a number of risk factor categories, and the second risk analysis uses those scores encoded in the risk information bits as score reference values. Comparing with For example, in one embodiment, the score reference value includes a threshold value, the corresponding score encoded in the risk information bits is compared to the threshold value, and the encoded score for the risk factor category is If the corresponding threshold value is exceeded, a Boolean flag is set for the risk factor category. In certain embodiments, the score reference value includes a scaling value, the corresponding score encoded in the risk information bits is compared to the scaling value, and the score encoded for the risk factor category is the corresponding scaling value. A risk estimate is calculated for the risk factor category by multiplying (or dividing) by. In certain embodiments, the second risk analysis includes determining Boolean flags for multiple risk factor categories and combining the Boolean flags using one or more Boolean functions. In certain embodiments, the second risk analysis includes determining numerical values for a number of risk factor categories and combining the numerical values using arithmetic calculations. In some embodiments, the second risk analysis is parameterized by the application such that, based on parameter values provided by the application, for example, certain risk factor categories are given different weights to the analysis. Is done.

  In certain embodiments, the second risk analysis includes information other than information retrieved from the received improved OTP. In some embodiments, the server uses information related to the user or information related to the transaction for which the improved OTP was generated. In some embodiments, the server uses information related to other users or other transactions. For example, in one embodiment, the server uses information about the improved OTP generated for transactions that are found to be fraudulent. For example, in one embodiment, the server increases the weight of a risk factor category if the score for that risk factor category has an abnormal value in a recent set of fraudulent transactions.

  In some embodiments, the result of the second risk analysis is a risk level or quality level that the server specifies for the improved OTP or for the transaction request associated with the improved OTP. In some embodiments, the quality level or risk level specified by the server for the received improved OTP is one-dimensional. In some embodiments, the risk or quality level assigned to the OTP is represented numerically. In some embodiments, this number is any value in the continuous range of numbers. In certain embodiments, this number has only one of a limited set of individual values. In certain embodiments, the quality or risk level specified for OTP is multidimensional. In some embodiments, the risk or quality level assigned to the OTP is represented by a vector. In certain embodiments, at least some of the vector components are numbers. In some embodiments, some of these numbers have one of a limited set of individual values. In some embodiments, some of these numbers are arbitrary values in a continuous range of numbers.

  In certain embodiments, the application determines whether to accept OTP after the second risk analysis based on the quality level or risk level specified for the OTP or for transactions associated with the OTP. Based on the quality level or risk level specified in the OTP or in the transaction associated with the OTP, the application may, for example, grant access to the user or receive a transaction submitted by the user and associated with the OTP. Determine if it should be acceptable.

  The foregoing and other features and advantages of the embodiments described herein will become apparent from the following specific description of embodiments of the aspects of the invention illustrated in the accompanying drawings.

1 schematically illustrates an exemplary method according to an aspect of the present invention. 1 schematically illustrates an example system according to an aspect of the present invention.

  Several implementations of the embodiments described herein are described below. Although specific implementations are described, it should be understood that this is merely an example. It will be apparent to those skilled in the art that other components and configurations can be used without departing from the spirit and scope of the invention.

  FIG. 1 schematically illustrates an exemplary method (100) according to aspects of the present invention. The method locally determines a score for a set of risk factors at an authenticating client device (110) and performs a first client-side risk analysis using the risk factor scores at the authenticating client device (120). The authentication client device summarizes the result of this first client-side risk analysis in a short risk information bit string (130), and the authentication client device encrypts the dynamic variable and the secret key shared with the verification server. Synthesizing and generating a one-time password by merging the risk information bit string with the result of the cryptographic synthesis (140) and sending the one-time password to the verification server (150); On the validation server, whether the received one-time password The risk information bit string is extracted (160), the verification server cryptographically verifies the one-time password using the shared secret key (170), and the verification server extracts the risk information bit string. To perform a second risk analysis (180) and take appropriate action (190) based on the results of the second risk analysis and a one-time password encryption verification (190).

  The above-described techniques can be applied to device types (eg, client side devices that perform risk analysis and / or host side devices that perform risk analysis), system types (client side, host side, client / host combination), and And / or embodied in a method for performing risk analysis.

  FIG. 2 schematically illustrates an example system (200) according to aspects of the present invention. In some embodiments, a system that secures the interaction between an application and a user, such as the system (200) shown in FIG. 2, is an application server (210) that hosts the server portion of the application; user (290). An access device (230) that allows (remote) access to the application; an authentication client device (240) for generating an improved OTP; and a second check for improved OTP and a second for improved OTP A verification server (220) for performing risk analysis, whereby the application server and access device include a computer network (250) (local area network, wide area network, the Internet, and combinations thereof) The access device is adapted to execute the client portion of the application, the authentication client device is adapted to provide the generated improved OTP to the user, and the access device is In addition, it is adapted to forward the generated dynamic credentials to the application server or verification server for confirmation, wherein the verification server signals to the application server whether the improved OTP has been verified valid, and / or Or adapted to communicate the risk level or quality level specified in the improved OTP to the application server.

  In certain embodiments, the system is adapted to perform any of the above methods for generating and verifying an improved OTP.

  In certain embodiments, the verification server is adapted to perform any of the above methods for validating an improved OTP. In some embodiments, the application server and the verification server are the same server. In some embodiments, the application server and verification server include one or more server computers. In certain embodiments, the computer network includes the Internet and / or a wireless telecommunications network. Similarly, a computer network is a local area network, a wide area network, and / or a combination of each, including a telecommunications network and / or the Internet.

  In certain embodiments, the access device has a user interface for interacting locally with the user. For example, in certain embodiments, the access device has a user input interface such as a keyboard, mouse, or touch screen for receiving user input. In certain embodiments, the access device has a user output interface such as a display or speaker for presenting the user with an output that includes visual or auditory signals. In an embodiment, the access device includes a PC (personal computer), a tablet computer or a smart phone.

  In some embodiments, an application (such as an Internet banking application) is executed on a server portion that runs on a remote application server and on a user's access device, and for example, to access the server portion of the application over the Internet. Contains the client part with which the user interacts. In some embodiments, the application includes a web-based application and the application server includes a web server. In some embodiments, the application server is accessed by the user using a web browser on the user's access device. In certain embodiments, the client portion of the application includes an applet (eg, a Java applet) or a script that is executed in a web browser on the user's host computer. In some embodiments, the user accesses the server portion of the application with a smartphone. The smart phone functions as an access device (230), and the client application that runs on the smart phone includes a smart phone app (such as an internet banking app), so that the app is passed through the smart phone user interface. While interacting with the user, for example, interact with the application server via the Internet.

  In some embodiments, the authentication client device has a user interface for local interaction with the user. For example, in some embodiments, the authentication client device has a user input interface such as a keyboard, mouse, or touch screen for receiving user input. In some embodiments, the authentication client device has a user output interface such as a display or speaker for presenting the user with an output that includes visual or auditory signals. In some embodiments, the authentication client device includes a tablet computer or a smartphone. In some embodiments, the authentication client device has an operating system such as an Android or Windows Mobile or Windows Phone version. In some embodiments, the authentication client device executes an authentication application to generate an improved OTP. In certain embodiments, the authentication device is adapted to perform any of the above methods for generating an improved OTP.

  A number of implementations have been described. Nevertheless, it should be understood that various changes may be made. For example, one or more implementation elements may be combined, deleted, modified, or supplemented to form additional implementations. Accordingly, other embodiments are within the scope of the claims. Moreover, while specific features have been disclosed for only one of a number of implementations, such features may be used as appropriate to one or more other features of other implementations, as well as given or It may be combined with effects for a specific application. Although various embodiments have been described above, they are merely examples and are not limited thereto. In particular, of course, not all possible combinations of components or methods can be described for the purpose of explaining the subject matter of the claims, but those skilled in the art may have many other combinations and permutations. Be recognized. Accordingly, the latitude and scope of the teachings set forth herein should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the claims and their equivalents.

200: prescriptive system 210: application server 220: verification server 230: access device 240: authentication client device 250: computer network 290: user

Claims (28)

In a method for generating an improved OTP,
Perform the first risk analysis,
Generating risk information data representing a result of the first risk analysis;
Determine the first value of the dynamic variable;
Cryptographically combining the first value of the dynamic variable with a cryptographic secret to generate cryptographic OTP data, and combining the cryptographic OTP data with the risk information data to obtain the improved OTP ,
A method comprising the steps of:   The method of claim 1, wherein performing the first risk analysis includes performing a risk assessment for each of the one or more risk factors.   The method of claim 2, wherein generating the risk information data comprises combining the results of all the risk assessments of the one or more risk factors.   The first risk analysis groups the one or more risk factors into one or more risk factor categories, and for each of the one or more risk factor categories, all of the corresponding risk factor categories Determining the risk assessment category score using the results of the risk assessment of risk factors, and the generation of risk information data synthesizes the risk assessment category scores of the one or more risk factor categories The method of claim 2 comprising:   Each risk assessment category score is represented as a bit string, and the generation of risk information data concatenates bits of various bit strings corresponding to the one or more risk factor categories into a risk information bit string. And the risk information data comprises a representation of the risk information bit string. The first risk analysis is performed on a client device operated by a user, and the one or more risk factor categories are:
Platform risk factor category, which groups all risk factors related to the characteristics of the client device itself,
A user risk factor category that groups all risk factors related to user characteristics and user behavior characteristics, or a situation that groups all risk factors related to operating client devices or environmental characteristics Risk factor category,
The method of claim 4, comprising at least one of:   The method of claim 6, wherein the one or more risk factor categories include three of the platform risk category, the user risk factor category, and the situational risk factor category.   The method of claim 1, wherein the generation of the encrypted OTP data comprises cryptographically combining the risk information data and the first value of the dynamic variable with a cryptographic secret.   The cryptographic synthesis of the first value of the dynamic variable and the cryptographic secret includes performing a symmetric cryptographic algorithm using the value of the dynamic variable and parameterized with the cryptographic secret. The method of claim 1.   The method of claim 9, wherein the symmetric cryptographic algorithm also uses the risk information data.   The method of claim 1, wherein the dynamic variable is time based.   The method of claim 1, wherein the dynamic variable is counter-based.   The method of claim 1, wherein the dynamic variable is challenge based.   The method of claim 1, wherein the dynamic variable is based on data representing a transaction request associated with the improved OTP.   Obtaining the improved OTP by combining the encrypted OTP data with the risk information data generates a masked display of the risk information data using the risk information data and a portion of the encrypted OTP data. And synthesizing the encrypted OTP data with the masked representation of risk information data. A method for confirming an improved OTP, wherein the improved OTP comprises:
Perform the first risk analysis,
Generating risk information data representing a result of the first risk analysis;
Determine the first value of the dynamic variable;
Cryptographically combining the first value of the dynamic variable with a cryptographic secret to generate cryptographic OTP data, and combining the cryptographic OTP data with the risk information data to obtain the improved OTP ,
In a method generated by
Retrieving the encrypted data from the improved OTP;
Retrieving the risk information data from the improved OTP;
Cryptographically verifying the retrieved encrypted data,
Performing the second risk analysis using the retrieved risk information data, and the improved using the results of the cryptographic verification of the retrieved cryptographic data and the second risk analysis Determine the overall risk level for OTP,
A method including the steps of   The improved OTP includes a masked representation of the risk information data, and the retrieval of the risk information data uses the portion of the retrieved encrypted data to produce the masked representation of the risk information data. The method of claim 16, comprising unmasking. The cryptographic verification of the retrieved cryptographic data is:
Determining a second value of the dynamic variable, and using the second value and using a symmetric cryptographic algorithm parameterized with a copy of the cryptographic secret, Synthesize cryptographically with a copy of
The method of claim 16, comprising:   The method of claim 18, wherein the symmetric cryptographic algorithm also uses the retrieved risk information data.   The cryptographic verification of the retrieved cryptographic data comprises comparing the retrieved cryptographic data with the result of the cryptographic synthesis of the second value and the copy of the cryptographic secret. The method of claim 18 comprising. A method for securing a user interaction with an application, wherein the user interacts with an access device to access an application and further interacts with a client device associated with the user.
Perform the first risk analysis on the client device,
Generating risk information data representing the result of the first risk analysis on the client device;
Determine the first value of the dynamic variable at the client device;
Generating cryptographic OTP data by cryptographically combining the first value of the dynamic variable with a cryptographic secret at a client device;
Generating an improved OTP by combining the encrypted OTP data with the risk information data at a client device;
Presenting the improved OTP to the user at a client device;
Receiving the improved OTP presented to the user at the access device;
Retrieving the encrypted data from the improved OTP;
Retrieving the risk information data from the improved OTP;
Cryptographically verifying the retrieved encrypted data,
Performing a second risk analysis using the retrieved risk information data;
The result of the cryptographic verification of the retrieved cryptographic data and the result of the second risk analysis is used to determine the total risk level of the improved OTP and to perform an action based on the value of the total risk level. Determine whether or not
A method including the steps of   The method of claim 21, wherein the second risk analysis also includes using information related to other interactions between the user and the application.   The method of claim 21, wherein the second risk analysis also includes using information related to other interactions with the application and other users other than the user.   The method of claim 21, wherein the action includes granting access to the user.   The method of claim 21, wherein the action includes granting a permission to the user.   The method of claim 21, wherein the action comprises performing a transaction requested by the user. In a system that secures the interaction between the user and the application,
A client device operated by the user and including a user output interface;
An access device including a user input interface and interacting with the user and allowing the user to interact with the application, and an application server hosting the application, the application server and the access device being physically different If it is a computer, an application server that communicates with the access device via a computer network,
The client device comprises:
Perform the first risk analysis,
Generating risk information data representing a result of the first risk analysis;
Determine the first value of the dynamic variable;
Generating cryptographic OTP data by cryptographically combining the first value of the dynamic variable with a cryptographic secret stored in the client device;
Generating an improved OTP by combining the encrypted OTP data with the risk information data, and presenting the improved OTP to the user using the user output interface;
The access device is adapted to
Receiving the improved OTP presented to a user by a client device using the user input interface;
And the application server is adapted to
Retrieving the encrypted data from the improved OTP;
Retrieving the risk information data from the improved OTP;
Cryptographically verifying the retrieved encrypted data,
Performing a second risk analysis using the retrieved risk information data;
Determining a total risk level for the improved OTP using the results of the cryptographic verification of the retrieved cryptographic data and the second risk analysis, and performing an action based on the total risk level To decide whether or not to
Adapted to the system.   28. The system of claim 27, wherein the client device comprises a personal telecommunications device.

Images